You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Antivirus Xp 2008

I registered today because I followed your "How to remove Antivirus XP 2008 (Uninstall Instructions)", but I believe I was still infected after that. I noticed something that I did not find described anywhere and may be of help to others:

When I was first infected with that thing I noticed a new file %WINDIR%\system32\el32.dll that was in use while the virus did its thing. I removed it in the recovery console (started from XP CD), but it reappeared shortly after that.

The malwarebytes software that you recommend removed most symptoms but left el32.dll in place. Also it claimed that the dll was "not infected". However, it was still newly created and still in use, which made me suspicious. I got rid of it as follows:
- downloaded PrcView 5.2.15 (google for newest version of PrcView)
- In PrcView, go to menu View | Module Usage, find el32.dll in the list. Right-click dll, select "Filter Process List"
- Now only one instance of svchost.exe is shown in the main window of PrcView (note that svchost.exe is a generic process host, it is not necessarily bad). Rightclick that instance and select kill (it would have been smart to first check how it was run - that prcview also can do, but I did not think of that - sorry)
- After that I run combofix which deleted some files:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.